Privacy USA

As of March 5, 2003, US authorities have asked airlines operating flights to, from, or through the US to provide the US Bureau of Customs and Border Protection (CBP) electronic access to passenger data, for security and protection purposes.
Airlines not complying with this request may face heavy fines and even loss of landing rights, as well as seeing their passengers subject to accurate and prolonged controls in the US airports, with all possible consequent inconveniences.

Like all European  carriers flying from, to or through the US, Alitalia complies with these requirements. The transfer of passenger data to the US authorities is a prerequisite for operating transport services to, from, or through the US. 
Providing passengers’ data to the USA Authorities is a mandatory requirement to be able to operate flights to/from or via the USA. Should a passenger refuse to provide such data, this would result in the impossibility to travel to/from or via the USA. Therefore Alitalia, observing the requirements set by the Authorities, reserves the right to cancel all bookings where the required data is still missing 72 hours before the travel date.  

Besides, the Council of the European Union, with Decision 2004/496/EC of 17 May 2004, has approved the Agreement between the European Community  and the United States of America of 11 May 2004 "on the processing and transfer of PNR data by Air carriers to the United States Department of Homeland Security, Bureau of Customs and Border Protection".

Taking into account the specific undertakings assumed by the United States of America under this Agreement, regarding the level of protection granted to PNR personal data transferred from the European Community, the European Commission with Decision 2004/535/EC of 14 May 2004, has stated that this country complies with the law personal data protection requirements provided by the European Directive 95/46/EC of 24 October 1995 for data transfer to a third country such as the United States of America.

For this reason Alitalia believes that it is essential passengers to be aware of the following information, which results from the statements provided by the US authorities and here below expressed under specific questions.

Data

What kind of information on passenger is accessed?

The United States Bureau of Customs and Border Protection (US CBP) has access to Passenger Name Record data (PNR) concerning flight into, out of or through the US. These are files created in the registration system used by airlines for each itinerary booked by a passenger. 

They contain different kind of information such as name, contact details, details of the flight (date of travel, origin and destination, seat number, number of bags etc.) and other elements such as the travel agency involved, form of payment etc. P
PNR includes, therefore, any information the passenger has provided during the booking process.

In addition, passport data of passengers are transferred immediately after take off to customs and immigration authorities in the US. They include surname, first name, date of birth, nationality, passport number and gender.

Authorities and purposes

Who will have access to passenger data, store and use them, and for what purpose will they be used?

Data will be accessed by the CBP which is a component of the US Department of Homeland Security. CBP will use the data for preventing and combating terrorism and serious criminal offences.

CBP will oppose disclosure of the data to the public under existing US legislation. In accordance with the American legislation, however, the data may be transferred to other US authorities with counter-terrorism or law enforcement functions, on a case by case basis, for purposes of preventing and combating terrorism or other similar offences. 
They may also be disclosed when necessary for the protection of vital interest of passengers or third persons (for example in relation to a public health emergency) or for the pursuit of crimina1 judicial proceedings or as otherwise required by law.

Data processing

What is done with passenger data? 

The data is collected from the reservation system by CBP up to 48 hours prior to the departure of the flight and used to make passengers' controls prior to their arrival, with the aim of facilitating the admission of the majority of travellers and focusing CBP resources on the very small number of passengers who may present a real risk. 
The data will be stored for a period of seven to fifteen years. The US authorities will adopt appropriate technical and organisational measures to prevent unauthorised use of the data.

Rights of the passengers

What are passengers' rights and how can they enforce them? 

The US authorities have undertaken not to oppose in principle passenger requests to receive a copy of the PNR data contained in their databases.
Passengers may seek rectification of their data and obtain it where CBP or TSA consider  that correction is justified and properly supported. A negative decision could be judicially challenged.
Requests for rectification and complaints about handling of PNR data maybe addressed by passengers (directly or via the Data Protection Authority of a EU Member State) to the CBP's Office of Field Operations: U.S. Customs FP&F Officer, Room 200, Bldg. # 77, JFK International Airport, Jamaica, NY 11430.

Decisions by these bodies may be reviewed by the Chief Privacy Officer of the Department of Homeland Security.
Passengers may obtain more information through the data protection authority of their country.
For Italy you may contact: Garante per la Protezione dei Dati Personali, Piazza Montecitorio, 121 - 00186 Roma, ph. 0039 06 69677713, fax 0039 06 69677715.
At present time Alitalia permits the access to the Data only to US authorities.

Nevertheless, in the next future it is not to be excluded that other countries' authorities will adopt equivalent systems of access to the Data of airlines operating flights to, from or through their territory.


Alitalia Privacy policy

Press Legal Info Investor Relations Privacy Security

© Copyright Alitalia - Compagnia Aerea Italiana S.p.A.

P. IVA 02500880121 Piazza Almerico da Schio Pal. RPU - 00054 Fiumicino (RM)